When you use our websites, your personal data is processed by us as the data controller and stored for the period required to fulfill the specified purposes and legal obligations. In the following, we will inform you about what data is involved, how it is processed and what rights you have in this regard.
According to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person.
This applies for the data processing on all our websites having reference to this data privacy notice.
Please direct any questions concerning data protection or your rights as a data subject to our representative.
A visit to our website is possible without providing any information about yourself. The browser used on you terminal device only sends automated information to our website server (e.g. browser type and version, data and time of access) to enable the website to set up a connection. The IP address of your enquiring terminal device is part of this process. This information is temporarily stored in a log file and after 52 weeksautomatically deleted. The processing of the IP address is for technical and administrative purposes related to the connection setup and stability to ensure the security and operational functionality of our website and to track any unlawful hacking attacks if required. The basis of legitimate processing of the IP address is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest arises from the previously stated security aspects and the requirement of ensuring the operative availability of our websites without disruption. We are not able to establish any reference as to your identity when processing the IP address and other information in the logfile.
In addition cookies and other analytical services are used when visiting our websites. For further details please refer to section 4 and5 of this data protection notice.
Should you wish to order products via our website we collect the following compulsory information:
The data is collected
Your email address is required to provide an order confirmation and a dispatch reference code. You are only contacted by email should a problem arise in connection with your order.
The smooth and uncomplicated processing of your order requires the following additional optional data input by you in order to ensure quick response in clarifying any queries:
Provision of this data is voluntary. Should you provide your mobile number we are able to provide information you on the status
of your order by phone or SMS and to contact you at short notice regarding any problems.
You are only contacted on your fixed line number should there be a problem with your order and only speak with you and no one else about your order. We always first try to contact you using your mobile phone number.
Data processing commences on receipt of your enquiry and is required for the purposes stated and completion of the contract and preliminary contractual measures pursuant to Art. 6 para. 1 p. 1 lit. b GDPR.
It is possible to add further details during the order procedure (date of birth and relevant details as to how you found us) which assists us in improving our products and to match these to the needs to our customers. The processing of data provided voluntarily is based on Art. 6 para. 1 p. 1 lit. f GDPR and serves to optimize our product range. This purpose is to be considered a legitimate interest in the meaning of the provisions stated.
The personal data collected by us related to the order is stored until the expiry of the statutory guarantee period and then automatically deleted unless we are required pursuant to Art. 6 para. 1 p. 1 lit. c GDPR to store for a longer period for tax and commercial archiving and documentation purposes (as per German commercial code, penal and fiscal code) or you provide your consent to a prolongation of storage pursuant to Art. 6 para. 1 p. 1 lit. a GDPR.
You are free to register for our newsletter during the ordering procedure. Should you expressly provide your consent pursuant
to Art. 6 para. 1 p. 1 lit. a GDPR, your email address used for the ordering procedure is also used to regularly transmit
our personalized newsletter to you.
You then are sent a notification of registration by email which you need to confirm in order to receive the newsletter (double opt-in). This serves as verification that the registration was indeed initiated by you.
Deregistration is via a link at the end of each newsletter Your email address is immediately deleted after revocation of your consent to the transmission of the newsletter. Alternatively deregistration is possible via email at any time at firstname.lastname@example.org.
The provision of the following information is compulsory when registering for our affiliate program:
A password is also needed to ensure that you are able to later login to your personal user account. Additionally you have the option of providing your company and tax ID. The data is collected in order to assess whether you should be considered as a contracting partner for our affiliate program and to contact you in this regard if necessary, as well as to make you commission payments on conclusion of a contract.
Data processing commences on receipt of your enquiry and is required pursuant to Art. 6 para. 1 p. 1 lit. b or lit. f GDPR for completion of the contract for our affiliate program and the necessary preliminary contractual measures ( selection of our contracting partner) or to serve the maintenance of legitimate interests for purposes stated.
Your personal data is transmitted to third parties should this be permissible by law and required pursuant to Art. 6 para. 1 p. 1 lit. b GDPR for the processing of the contractual relationship. This includes especially the transmission to forwarding companies to ensure the delivery of the goods you ordered and transmission of payment details to payment service companies or credit institutions in order to complete the payment procedure. The transmitted data is only to be used by the third party exclusively for the purposes stated.
Most browsers automatically accept cookies. It is possible however to configure your browser not to store cookies on your computer or to always notify you before adding a new cookie. Should you completely block cookies it is possible that not all the functions of our website are available.
The lawful basis for the tracking measures we employ is Art. 6 para. 1 p. 1 lit. f GDPR. and are listed below.
The tracking measures used ensure that we provide a needs-orientated design and optimize our websites on an ongoing basis. Tracking measures are also applied to compile the statistical assessment of our websites. The data is then used to optimize the presentation of our website content. These interests are to be considered legitimate in the meaning of the provisions stated above.
The respective purpose for data processing and categorizing is stated in the description relating to the relevant tracking tool.
This website uses Google Analytics, a web analysis service of Google LLC (www.google.com; as follows: ‘Google’). A pseudonymous usage profile is set up and cookies (see section4) used. The information on your use of this website generated by the cookie, such as
is transmitted to a Google server in the USA and stored there. Google complies with the US Privacy Shield data protection
provisions and is registered with the US Privacy Shield program of the US trade ministry. Furthermore we have concluded an
order processing agreement with Google for the use of Google Analytics. This agreement ensures Google processes data in
compliance with the general data protection regulations and guarantees to protect the rights of the data subject involved.
The information is used to analyze the use of our websites, generate reports on website activities and to provide additional
services related to website and internet use for market research purposes and to design the website to meet the needs of users.
This information may also be transmitted to third parties where required by law or should third parties be commissioned to process the data. Your IP address is never merged with other Google data. The IP addresses are anonymized ensuring that no match to an individual is possible (IP masking).
It is possible to configure your browser software to prevent cookies from being installed. Please note that by doing so not all the functions of the websites may be fully available.
It is possible to further prevent data generated by the cookie from being collected on your use of this website (incl. your IP address) and the data being processed by Google by downloading and installing a browser add-on.
Besides the browser add-on, particularly with browsers on mobile terminal devices, collection of your data by Google Analytics is also prevented by clicking on this link. An opt-out cookie is then set up in your browser preventing future collection of your data when you visit this website. The opt-out cookie only applies to that browser and only for our website, and is installed on your device. After deleting cookies in this browser you need to reinstall the opt-out cookie.
More information on data protection in connection with Google Analytics is available in the help page of Google Analytics.
We use the Open Source Software Matomo (formerly Piwik) of InnoCraft Ltd. (www.innocraft.com; as follows: ‘Matomo’) to
analyse and statistically evaluate the use of the websites.
To this purpose cookies are setup (see section 4). All the information generated by the cookie on the usage of the website is transmitted to our server a pseudonymous usage profile is compiled. The information is used to evaluate the website usage and to provide a needs-orientated design for our websites. There is no transmission of information to third parties.
Our websites are based on the possession of your consent pursuant to Art. 6 para. 1 page 1 lit. a GDPR components (videos)
of the company YouTube, LLC (www.youtube.com; as follows: ‘YouTube’), an enterprise of Google LLC.
We make use of the‘extended data privacy mode’, an option provided by YouTube for this purpose.
Should your visit apage which uses an embedded video, then the connection to the YouTube server is set up and the content is displayed by notification to your browser on the internet page.
In accordance with information provided by YouTube your data is only then transmitted to the YouTube server in the USA when you watch the video in the ‘extended data protection modus’ - specifically those of our websites you visit as well as the information specific to the device including your IP address. You consent to this transmission when you click on the video.
Should you be logged in simultaneously to YouTube then this information is assigned to your YouTube membership account. This is prevented by you deregistering from your membership account before you visit our website.
Google complies with the US Privacy Shield data protection provisions and is registered with the US Privacy Shield program of the US trade ministry. More information on data protection in connection with YouTube is available in the data protection provisions of Google.
You have the right:
Right of revocation
Should your personal data be processed based on legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR, you have the right pursuant to Art. 21 GDPR to object to your personal data being processed on the basis of your particular situation or the revocation is related to direct advertising. In the latter case you are entitled to a general right of revocation which we implement without indication of a specific situation. Should you wish to exercise your right of revocation, please email us at email@example.com
All the personal data transmitted by you is transferred encrypted by the commonly accepted and secure Standard TLS (Transport
Layer Security). TLS is a secure and proven standard, also used for example in online banking. A secure TLS connection is
recognizable by the additional s after http (i.e. https://...) in the address bar of your browser or by the lock symbol
in the lower area of your browser.
We apply suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously enhanced to correspond with the technological developments.
This data privacy notice is the latest version dated May 2018.
This data privacy notice is subject to change due to improvements to our website and related offers or due to changes in statutory or regulatory requirements. The latest version of the data privacy notice is available at any time under https://www.phallosan.com/privacy-policy.php and is printable.